Generic framework for EAP

US 20080196089A1
Filed: 02/09/2007
Published: 08/14/2008
Est. Priority Date: 02/09/2007
Status: Active Grant

First Claim

Patent Images

1. A computer-readable medium having computer-executable components comprising:

an application component that, when executed, obtains credential information for an entity; and

an authentication component, separate from the application component, that, when executed, performs a method for authenticating the entity using the credential information.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An EAP-based authentication framework is provided that decouples credential acquisition from EAP methods that use credentials for authentication. An application may request from an EAP method parameters of credentials required by the EAP method. In response, the EAP method provides credential parameters, which may then be used by the application to acquire credentials consistent with the parameters from the user or other entity. The framework enables an application to request credentials in a context specific way. In addition, the application may simultaneously obtain credentials used in multiple authentication operations through a single user interface, or retain credentials for later use without further prompting a user such that a Single Sign-on user experience may be implemented. Additionally, the application can obtain credentials from a device so that the device may gain network access without requiring a user logon.

Citations

20 Claims

1. A computer-readable medium having computer-executable components comprising:
- an application component that, when executed, obtains credential information for an entity; and
  
  an authentication component, separate from the application component, that, when executed, performs a method for authenticating the entity using the credential information.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer-readable medium of claim 1, wherein the entity is a device and the application component, when executed, obtains device credential information.
  - 3. The computer-readable medium of claim 1, wherein the entity is a user and the application component, when executed, obtains user credential information through a user interface.
  - 4. The computer-readable medium of claim 3, wherein the application component, when executed:
    - obtains parameters of the user credentials from the EAP component; and
      
      builds the user interface using the parameters.
  - 5. The computer-readable medium of claim 4, wherein:
    - the authentication component comprises a first EAP component;
      
      the computer-readable medium further comprises a second EAP component that, when executed, performs a second method of authenticating the entity using second credential information; and
      
      the application component, when executed, builds a user interface thorough which the application prompts a user to enter the credential information and the second credential information.
  - 6. The computer-readable medium of claim 1, wherein the computer-executable components comprise a first application programming interface and a second application programming interface, the first application programming interface providing a credential definition from the authentication component to the application component and the second application programming interface providing credential information from the application component to the authentication component.
  - 7. The computer-readable medium of claim 6, wherein the application component comprises a portion of an operating system that, when executed, performs a user logon function.

8. A method of operating a client device to authenticate an entity, comprising:
- obtaining from a first component parameters of credentials;
  
  obtaining, with a second component, credential information consistent with the parameters;
  
  providing the credential information to the first component; and
  
  interacting between the first component and an authenticator external to the client device using the credential information.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
- - 9. The method of claim 8, further comprising:
    - storing, with the first component, the credential information.
  - 10. The method of claim 8, wherein obtaining credential information meeting the parameters comprises building a user interface through which a user may enter credential information.
  - 11. The method of claim 8, wherein:
    - the first component is a first EAP method; and
      
      the method further comprises;
      
      obtaining from a second EAP method second parameters of second credentials;
      
      obtaining, with the second component, second credential information meeting the second parameters.
  - 12. The method of claim 8, wherein the credential information and the second credential information are obtained through a user interface.
  - 13. The method of claim 8, wherein the credential information may be used to perform network access authentication and entity logon, with the network access authentication preceding the user entity.
  - 14. The method of claim 13, wherein the entity is a device.
  - 15. The method of claim 13, wherein the entity is a user.

16. A method of communicating between an application and an EAP component in a device, comprising the steps of:
- making a request from the application to receive credential parameters; and
  
  providing with the EAP component credential parameters in response to the request.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method of claim 16, further comprising:
    - obtaining with the application credentials consistent with the credential parameters; and
      
      making at least one call from the application, the at least one call having at least one argument conveying credentials consistent with the credential parameters.
  - 18. The method of claim 17, further comprising:
    - in response to the at least one call, from the EAP component, accessing an authenticator external to the device using the credentials.
  - 19. The method of claim 17, wherein the obtained credentials may be used to perform network access authentication and device logon, with the network access authentication preceding the device logon.
  - 20. The method of claim 16, wherein:
    - the EAP component is a first EAP component; and
      
      the method further comprises;
      
      making a second request from the application to receive second credential parameters;
      
      obtaining, with the application, second credentials consistent with the second credential parameters; and
      
      making at least one second call from the application, the at least one second call having at least one argument conveying the credentials and the second credentials.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Baron, Andrew, Mandhana, Taroon, Malik, Prashant, Mahajan, Saurabh

Granted Patent

US 8,307,411 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/5
CPC Class Codes

H04L 63/083 using passwords cryptograph...

H04L 63/162 at the data link layer

Generic framework for EAP

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Generic framework for EAP

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links